gm-execute

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill forces execution against real services and actual code, requiring the agent to import modules and log/witness real outputs (which can include API keys, tokens, or passwords) and then propagate those verbatim to resolve mutables or invoke the next skill, creating a direct secret-exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill prescribes autonomous arbitrary code execution (multi-language exec:...), file I/O and git operations, forced deletion of test/mocks, suppression of user interaction, background/parallel agents and browser instrumentation — together these are clear enablers of remote code execution, evidence hiding, and covert data access/exfiltration, representing high-risk malicious intent and backdoor potential.